Tech Transforms, sponsored by Dynatrace

Carolyn Ford

Tech Transforms - Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.
Patrick Johnson on Unlocking the Potential: Enhancing Cyber Workforce and Technology in the Department of Defense
Yesterday
Have no fear, your new wingman is here! AI is by your side and ready to help you multiply your abilities. Patrick Johnson, Director of the Workforce Innovation Directorate at the DoD CIO discusses how his team is working to further implement AI ethically and safely in areas such as human capital to expedite finding talent. Patrick also shares his passion for building cyclical pipelines to ensure that talent, and ideas, flow seamlessly between the government and private sector. Join us as we dive further into AI’s benefits and how government and industry can be cyber workforce innovation partners.

Key Topics
02:06 Lag in civilian workforce training upscaling needed.
03:19 Balancing talent, training and automation for better security.
08:22 Leaders understand AI as a force multiplier.
12:15 Our motivations are different; utilizing AI for advancement.
15:25 AI used for maintenance, scheduling, monitoring issues. Embracing technology.
18:35 Questioning impact of technology on workforce integration.
21:45 Knowledge, skills, ability, competency. Task-focused performance. Workforce coding. Qualification program ensures necessary skill sets. Tracking mechanism being developed. Vast department with skill spread.
25:26 Real-time data for proactive leadership and action.
27:05 Retention strategy includes talent competition and permeability.
30:36 Improving marketing for civilian DoD jobs.
33:49 It works for all sectors, find talent.
40:19 Government employees and veterans bring valuable skills.
41:27 Promote supply, train, partner for innovation.
45:33 Virtual reality: future of government services and museums.

The DoD's Cyber Workforce

Cyber Workforce Improvement Is Crucial
Patrick states that the Department of Defense's (DoD's) total cyber workforce, comprising military, civilian and industry partner contractors, is around 225,000 people. He notes that the DoD has the biggest gap in the civilian cyber workforce, which makes up about 75,000 people. According to Patrick, one of the key problems when bringing new cybersecurity technologies online is failing to adequately train the existing workforce on how to use and get value from those technologies.

Training and Upscaling the Current Cyber Workforce
Rather than pursuing full re-skilling of employees, which can set them back, Patrick advocates for upskilling the current DoD cyber workforce. This involves assessing talent and capability gaps, then providing the workforce with the necessary training to use new technologies appropriately. Patrick states that partnering workforce members with automated processes like AI can help them become more effective by highlighting key info and threats.

The Importance of Training and Upscaling in the Cyber Workforce: "Well, it's great to put new technology on the table. But if you don't take the time to train the workforce you have in the programs or the systems you're bringing online, you lose that effectiveness and you don't really gain the efficiencies or the objectives that you need to be." — Patrick Johnson

Automation and AI

AI Is Seen as a Partnership With the Human Cyber Workforce
Patrick views AI as a partnership with the human workforce rather than a threat. He emphasizes that AI should be seen as a "wingman or wingperson" that boosts productivity and acts as a force multiplier. Patrick explains that AI excels at rote, tedious tasks, allowing the human workforce to focus more on creativity.

AI Helps With Rote and Tedious Tasks
According to Patrick, AI is adept at attention-to-detail tasks that would be tedious for a human to manually perform. He provides the example of a cybersecurity analyst or defender whose productivity can be enhanced by AI highlighting anomalies in data...
Unraveling SBOM Challenges: AI, Transparency and Policy Perspectives in Software Security
Nov 15 2023
Meet the man on a mission to make software bill of materials (SBOMs) boring. In this So What? episode, Tracy Bannon and Carolyn Ford sit down with Allan Friedman, the Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency (CISA). Allan tells us about how he is working to change how all software on the planet is made and sold, no big deal right? Join us as we dive into the world of SBOMs, xBoMs, and Secure by Design.

Key Topics
03:59 Track open source licenses, establish shared vision.
08:47 Discussing US government requirements, diversity in software.
12:07 Framework helps organizations with secure software development.
13:49 Organizations unaffected, prepare for impending software changes.
17:40 Concerns about sharing software with potential security risks.
20:59 Concerns about network security and regulatory pushback.
24:14 Enhanced security measures save thousands of hours.
27:53 Applying AI and data bombs in conversation.
32:38 Discusses the importance of SBOM in cybersecurity.
36:29 Rewriting global code is a complex task.
39:39 At RSA, little focus on secure design.
41:53 Organization's need for SBOM, call to action.
43:55 Cooking for diverse family, diverse food requirements.

Challenges and Implementation of SBOMs

Self-Attestation for SBOMs
Allan Friedman explained that there is currently a self-attestation model for SBOMs, where companies can sign a form stating that they have implemented SBOMs, rather than providing the actual SBOM data. This allows flexibility for organizations that are not yet ready to fully comply. However, it means buyers have to trust the attestation rather than seeing the SBOM details directly.

Secure Software Development Model Compliance: "The challenge there is turning the framework back into a compliance model. Because, again, at the end of the day, everyone wants to think about things. Right? Understand your risk, but you still need to make that yes or no decision." — Allan Friedman

Tracy Bannon noted some companies have concerns about sharing their SBOM data with customers, worrying that the customer may not have secure enough practices to properly protect the SBOM. Allan Friedman explained SBOMs do not need to be public: they can be shared privately between supplier and customer. Known unknowns in the SBOM can also help address concerns about revealing proprietary information.

Debate About the Risk of Sharing SBOMs as a Road Map for Attackers
Allan Friedman argued that sophisticated attackers likely do not need the SBOM, as they have other ways to analyze and reverse engineer software. Automated attacks also do not leverage SBOMs. He noted defenders actually need the visibility an SBOM provides into components and dependencies. There may be some risk of exposing attack surface, but the benefits seem to outweigh that.

The Importance of SBOM for Product Security: "If we had this, we had SBOM across our products today, it would save us thousands of hours a year, because whenever the next Log4j comes out, if you have a centralized machine readable, scannable system, it's not that hard." — Allan Friedman

Allan Friedman noted there has been some lobbyist pushback against SBOM mandates, often coming from trade associations funded by companies already implementing SBOMs. He said while healthy debate is good, many of the lobbyist complaints seem misguided or overblown.

The Potential Role of AI in Creating SBOMs and Its Implications for Security
Carolyn Ford asked whether AI could help automate SBOM creation, especially for legacy systems. Tracy Bannon cautioned that AI is not yet at the point where it can reliably generate code or understand large complex...
It's Time To Bust the Ghosts in Our Cars with Eric Monterastelli Halloween Series Part III
Oct 31 2023
In the final, crossover episode of our three-part Halloween series, Eric Monterastelli, Public Sector SE at Delinea, Founder, Crew Chief of Gran Touring Motorsports and Host of the Break/Fix Podcast, joins Carolyn Ford and Tracy Bannon to discuss the scary reality of car security. Is your car spying on you? Can a nefarious actor take over your car? Does your car know your deep personal data like your immigration status, race and more? Hint: It can and it does.

Key Topics
00:02:05 Technology advances put vehicles at risk.
00:06:25 Hijacked Jeep's wireless signal, turning it off.
00:07:35 Chrysler systems hacked due to digital admission.
00:10:47 New EV platforms streamline technology for efficiency.
00:15:13 Disconnect, purge and be careful: data can be accessed.
00:18:58 Using TrueCar, author obtained personal information illegally.
00:21:54 Pre-OBD2 Mercedes is OBD1.
00:25:12 Mozilla uncovers alarming auto data collection.
00:28:29 Future vehicles will have integrated alcohol-detection systems.
00:32:48 Routers, cars can be hacked, collect data.
00:35:42 Read your vehicle's owner's manual for instructions.
00:36:55 Speak to rental clerk about removing data.

The Intersection of Cybersecurity, Car Security and the Ghostbusters Mission

Ghostbusters Mission: Car Security & Car Hacking
Eric Monterastelli talks about how cars have evolved to include more computing technology, which opens them up to potential attacks. He gives the example of a Jeep that was hacked to shut off while driving, demonstrating the real dangers. Tracy Bannon contrasts U.S. car manufacturers that use many third-party components versus Tesla's more integrated system. She argues Tesla's approach may lend itself to more car security. The hosts explore different potential attack vectors into vehicles, like Bluetooth connections.

Mozilla Participants Share Automotive InfoSec Insights
Eric Monterastelli shares findings from a Mozilla report about the wide range of deep personal data that can be collected from cars, including things like facial expressions, weight, health information and more. The hosts are alarmed by the privacy implications.

Tracy Bannon advocates that car manufacturers need to make cybersecurity a priority alongside traditional safety. She indicates cars are data centers on wheels, collecting information that gets sent back to big cloud data centers. They emphasize the need for vigilance from car owners about what information they allow their vehicles to collect.

Concerns About Data Collection in Modern Vehicles

Modern Car Security: Braking, Speed and Steering Patterns
Eric discusses the extensive data that is now collected by modern vehicles, especially EVs. He notes that information is gathered on things like stopping distances, brake pressure applied, vehicle speed and overall driving habits. This data is no different than the type of driver performance analysis done in race cars. Automakers are collecting real-world usage data from customer vehicles to analyze driving patterns and vehicle responses. Tracy adds that the average new vehicle contains over 100 different computers and millions of lines of code that are all networked together. This networked data covers areas like powertrain functions, safety features and infotainment systems. All of this interconnected data presents opportunities for tracking very detailed driving behaviors.

Privacy Risks in Driving: Collecting Personal Data and Concerns
Eric cites a concerning report that modern vehicles can potentially collect extremely sensitive personal data simply through normal driving, including information on immigration status, race, facial expressions, weight,...
Insider Threats, Critical Infrastructure and Evolving AI, Oh My! with Grant Schneider Halloween Series Part II
Oct 18 2023
In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics
00:03:59 Increased consequences led to rise of cybersecurity
00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
00:09:53 Snowden challenges legality of government surveillance
00:15:00 Adversary gains access, steals information, demands ransom
00:19:19 Different levels of readiness present challenges
00:23:15 Helping clients & coalitions for cybersecurity policy
00:24:58 Consistency in technology and cybersecurity under past presidents
00:27:47 Cybersecurity is like warfare or terrorism
00:32:30 AI tools and data drive persuasive information
00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
00:42:40 Diversity of experiences leads to career growth
00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness Month

Purpose of Raising Awareness About Cybersecurity
Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore." — Grant Schneider

Opportunities for Organizations to Have Conversations About Cybersecurity
According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.

Evolution of Insider Threat in the Intelligence Community

Screening Out Bad Actors During the Hiring Process
Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community
He mentions the...
Unmasking the Specter: Mr. Egts' Journey into the Impact of Generative AI on Government Transformation | Halloween Series Part I
Oct 4 2023
In the first episode of our 3-part Halloween series, Dave Egts, MuleSoft Public Sector Field CTO at Salesforce, details what's scaring the public sector most and how Salesforce is utilizing - and securing - AI to improve customer experience with their Einstein Trust Layer. Additionally, Carolyn and Dave dive into the spooky worlds of brain cell chips, mind-reading AI and more.

Key Topics
[02:17] Starting the Dave & Gunnar Show
[04:14] Dave's Role At Salesforce
[05:18] What's Scaring the Public Sector Most?
[10:22] Ways Agencies are Attracting Talent
[13:56] How Agencies Are Handling Legacy Systems
[15:45] What MuleSoft Does & Generative AI's Role
[22:44] Salesforce's Einstein Trust Layer
[29:21] PoisonGPT
[36:07] Brain Organoids & Other Spooky, Ethically Questionable Experiments
[42:15] Tech Talk Questions: Halloween Edition

Quotable Quotes
Considerations for the Public Sector While Using AI: "As you're going on your AI journey, you've got to be looking at the EULA [End User License Agreement] and making sure that, okay, if I give you data, what are you going to do with it?"
On Bias & Disinformation in Generative AI: "There were some previous studies that show that people are more likely to go with the generative AI results if they trust the company and they trust the model. So it's like, 'Oh, it came from Google, so how can that be wrong?' Or 'I'm trusting the brand,' or 'I'm trusting the model.'"

About Our Guest
David Egts is MuleSoft’s first-ever Public Sector field CTO. Outside of MuleSoft, David is the founding co-chair of the WashingtonExec CTO Council, where he advises numerous companies on working with the public sector. David has received numerous industry-wide recognitions, including as an FCW Federal 100 winner, a FedScoop 50 Industry Leadership awardee and one of WashingtonExec’s Top Cloud Executives to Watch. He has won multiple employee honors from Red Hat, Silicon Graphics and Concurrent Technologies Corporation.

Episode Links
Dave & Gunnar Show Episodes
Episode 165- If you can’t measure it, you can’t manage it
Episode 185- In Your Brain, Nobody Can Hear You Scream
Episode 227- Meetings and Punishment
Episodes 248 & 249- Stay tuned to the Dave & Gunnar Show for these episodes to go live
Additional Links
Minority Report
Cuyahoga Valley National Park
Flowers For Algernon
So What? China's Grip on Telecommunications with Jon Pelson, Author of "Wireless Wars"
Sep 27 2023
In this So What? episode, Jon Pelson, author of the best-selling book "Wireless Wars," discusses China’s impact on the telecommunications space. He also shares the frightening security concerns around Chinese components in 5G networks and discusses why the FCC's ban on these components may not be enough.

Key Topics
[01:30] China's Success in the Telecom Industry
[05:12] China's Grip on 5G
[08:29] Are Your Communications Ever Private?
[13:00] The Influence of Technology
[15:53] What Would Happen if China Got Control?
[19:20] FCC Ban on Chinese Components
[24:50] Huawei's Placement Strategy
[30:05] Is the FCC Ban a Good Start?
[38:42] How America Takes Back Control
[44:51] Tech Talk Questions

Quotable Quotes
On Huawei's Tower Placement: "Our nuclear missile bases, our special operations command at the nuclear sub base are all served by Huawei cell equipment." I said, 'That's impossible. They have like 0.1% market share. How could they have every nuclear missile site?' I started looking into it. The reason I called the book 'Wireless Wars' is because it's a war that's being fought through what appears to be business means. This is not business." -Jon Pelson
On Why We Should Protect Data: "People say, 'I have nothing to hide.' Especially the younger generation says, 'Look, my privacy, in that regard, is not that important.' I was asked at the end of an interview, 'What would happen if China got control over us the way they're trying to?' I said, 'You don't have to scratch your head and do scenario planning. Look at places where China has control over the population.' -Jon Pelson

About Our Guest
Jon Pelson spent nearly 30 years working as a technology executive, including serving as vice president at Lucent Technologies and chief of convergence strategy for British Telecom. His work with China’s telecom industry during this time led Pelson to write his best-selling book "Wireless Wars: China’s Dangerous Domination of 5G and How We’re Fighting Back."

Episode Links
The Kill Chain by Christian Brose
Paul Scharre's Tech Transforms Episode
Focus
Breaking Bad
Boyd by Robert Coram
Undaunted Courage by Stephen Ambrose
Insights from the Billington Cybersecurity Summit with Willie Hicks, Federal CTO at Dynatrace
Sep 20 2023
On this special episode, Willie Hicks and Carolyn Ford discuss the Billington Cybersecurity Summit, as well as insights from panels, led by Willie, on workforce automation and zero trust.

Key Topics
[00:22] Willie's Workforce Automation Panel Highlights
[03:28] The Difference Between Training & Education
[11:11] Securing Data In A Zero Trust World Panel Highlights
[16:31] Willie's Experience with Constant Reverification While Working in Financial Data Protection
[20:44] Overarching Impressions from the Billington Cybersecurity Summit

Quotable Quotes
On the Human Factor: "I think this is always the case, that the human's usually going to be the weakest link. We're always the weakest link. But that's why that constant reverification is so critical."
On Generative AI: "We can't fear these things like generative AI. We've got to embrace it. We've got to use it. We've got to figure out how to use it and use it right and use it appropriately. But we have to figure out how to use it because you know who's using it? Our adversaries."

About Our Guest
Willie Hicks is the Public Sector Chief Technologist for Dynatrace. Willie has spent over a decade orchestrating solutions for some of the most complex network environments, from cloud to cloud native applications and microservices. He understands tracking and making sense of systems and data that has grown beyond human ability. Working across engineering and product management to ensure continued growth and speed innovation, he has implemented Artificial Intelligence and automation solutions over hundreds of environments to tame and secure their data.

Episode Links
Billington Cybersecurity Summit Speakers
Tech Transforms with Tom Billington
Tech Transforms with Ann Dunkin
Mission Impossible
Keeping Your Eyes Open For Opportunity with Sandi Larsen, Vice President of Global Security Solutions at Dynatrace
Sep 6 2023
Sandi Larsen, Vice President, Global Security Solutions at Dynatrace, joins our host Carolyn Ford to share her perspectives on the relationship between zero trust and defense in depth. She also discusses her storied career, leadership and what it's like to be a woman in technology (although she dislikes the term). Additionally, Sandi shares her advice on identifying mentors, finding your voice and battling imposter syndrome.

Key Topics
[00:00] Introduction
[01:10] Sandi's Role at Dynatrace
[03:11] Sandi's Take on Zero Trust & Defense in Depth
[09:21] Sandi’s Career Path
[19:01] People in Technology and the Gender Gap
[25:26] Sandi's Key Takeaway for Listeners
[27:37] Tech Talk Questions

Quotable Quotes
On Finding Inspiration: “You just can't sleep on these pivotal people in your career whether they're ahead of you or beside you or even behind you, I’ve been inspired by people that I am mentoring.”
On Having Mentors: “Find mentors, they are just invaluable and will be throughout your whole entire career, no matter what stage you're in. At the beginning, at the middle, later in your career, they will always be indispensable for you.”
On Using Your Voice: “Speak up. Just have a voice. And if that voice in your head is planting doubt, don't listen to it. If it's coaching you on what to say and what not to say, and being wise about that, listen to that. But if it's planting seeds of doubt, you've got to you have to push it aside. And you have to take that step. Because if you don't, you might be missing out on the next best thing.”

About Our Guest
Sandi Larsen currently serves as the Vice President of Global Security at Dynatrace. Prior to joining Dynatrace in November 2020, Sandi held various positions, including sales and systems engineering roles in cybersecurity and financial services organizations.

Episode Links
The Bear
The John Maxwell Leadership Podcast
The Tim Ferriss Show
Building a Community of Trust with Tom Billington, CEO of Billington CyberSecurity
Aug 23 2023
Tom Billington, CEO of Billington CyberSecurity and Producer of the Billington CyberSecurity Summit, joins Carolyn and co-host Mark Senell to discuss the upcoming 14th Annual Billington CyberSecurity Summit, what goes into creating a valuable community for both the government and the commercial sector, and the important topics that will be the basis for this year's conference.

Key Topics
[02:58] - Founding the Billington Cybersecurity Summit
[09:59] - Developing Conference Topics
[12:43] - Bridging Federal and Commercial Cybersecurity
[16:02] - Critical Infrastructure at Billington
[19:04] - Commercial Industry at Billington
[21:45] - Registering for The Summit
[22:49] - Preparing Key Conference Themes
[24:46] - Hottest Topics at Billington This Year
[27:03] - What’s New About Zero Trust
[28:22] - Tech Talk Questions

Quotable Quotes
On Founding Billington Cybersecurity Summit: "I really started this business to be distinctly patriotic, to provide a serious dialogue in a way that I felt wasn't really being done at that time...So breaking into the federal cybersecurity community, to be honest, was hard as an entrepreneur. We had to build trusted relationship after trusted relationship. Over the course of 14 years, it's become decidedly easier now, now that we have had the privilege of having those trusted relationships."
On Zero Trust: "Many of the areas that zero trust encompasses have been around since the profession has existed in cybersecurity. But at no other time has the U.S. government proclaimed the importance of this overarching field as it has in the last few years. So it becomes important for the government. It becomes important for the industry leaders who serve them."
On International Cyber Collaboration: "So it's not just the U.S. team sport. It's an international team sport. The partnership with our international allies is crucially important."

About Our Guest
Before launching his company in 2010, Tom Billington spent nearly two decades producing hundreds of events, publications and articles for four of the world’s leading media companies: Reader’s Digest, Phillips Business Information, BNA (now Bloomberg BNA) and Thomson Reuters. Now, Tom is the CEO and Founder of Billington CyberSecurity, a leading independent education company founded in 2010 with an exclusive focus on cybersecurity education. Every year, he hosts the Billington Cybersecurity Summit, which is known as the world's leading government summit on cybersecurity with the unique educational mission of convening the who's who in cybersecurity: the senior leadership from the U.S. government, our allied partners, and their industry and academic partners.

Episode Links
14th Annual Billington Cybersecurity Summit Agenda
Ann Dunkin on Tech Transforms
Books By Kevin Mitnick
Developing the Collective Defense with Ann Dunkin, CIO at the U.S. Department of Energy
Aug 9 2023
Ann Dunkin, Chief Information Officer (CIO) at the U.S. Department of Energy (DOE), joins Carolyn and guest host Willie Hicks to discuss the National Cybersecurity Strategy and what it takes to secure a large agency like the DOE, as well as how agencies balance cybersecurity compliance and risk management. She also highlights the DOE's role in the Partnership for Transatlantic Energy and Climate Cooperation (P-TECC) and the agency's relationship with its industry partners.

Key Topics
[01:47] - Effect of the National Cybersecurity Strategy on DOE Modernization Initiatives
[07:59] - Risk vs. Compliance
[14:17] - Protecting a Large Agency like DOE vs. Smaller Agencies
[16:49] - P-TECC Overview & DOE's Work with P-TECC
[23:14] - Implementing Lessons Learned from the Global Community
[26:11] - DOE Modernization Efforts & The Role of Public-Private Partnerships
[30:26] - Where Industry Can Improve
[36:03] - Tech Talk Question

Quotable Quotes
On the Collective Defense: "The principles of collective defense, which underlie the cybersecurity strategy are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that." - Ann Dunkin
On balancing risk vs. compliance: "The reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway." - Ann Dunkin
On workforce development: "I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government that looks like America. And then to help the rest of America grow their workforce capabilities." - Ann Dunkin

About Our Guest
Ann Dunkin serves as the Chief Information Officer at the U.S. Department of Energy, where she manages the Department’s information technology (IT) portfolio and modernization; oversees the Department’s cybersecurity efforts; leads technology innovation and digital transformation; and enables collaboration across the Department. Ms. Dunkin is a published author, most recently of the book Industrial Digital Transformation.

Episode Links
National Cybersecurity Strategy
Supply Chain Meets Modernization with Dr. Aaron Drew
Jul 26 2023
Dr. Aaron Drew, Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs Office of Information and Technology, joins Carolyn to discuss the challenges of supply chain, modernization and risk management. Dr. Drew outlines the steps an organization can take to modernize and maximize applications for end users as well as capitalize on data analytics to better prepare our nation for times of need.

Key Topics
[01:15] - Scale of Veterans Affairs
[05:21] - Supply Chain Tools and Challenges
[13:54] - Advice for Supply Chain Management
[20:24] - Tech Procurement
[24:10] - User Acceptance
[27:37] - Risks of not Modernizing
[32:29] - Security Requirements
[36:13] - Steps to Acquisition
[40:10] - Tech Talk Questions

Quotable Quotes
On identifying a need for a new tool: "If the tools you had before don't address that shift [in business], that change of dynamics, then that's when we have this gap. That's that delta between how you did business then and how I expect to do business tomorrow that will signify or call that ignition of this solution acquisition process." - Dr. Aaron Drew
On understanding user needs: "Either you are meeting them [users] where they are, which is very important, or you've lived it, which allows you to relate and commiserate with those who are working across a day-to-day basis, that's what's going to bring you organically to the problem. That's going to allow both parties then to own the solution." - Dr. Aaron Drew

About Our Guest
Dr. Aaron J. Drew is the Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs. Previously, Dr. Drew simultaneously served as the Chief Engineer & Chief Architect for the Financial Management Business Transformation Special Program Office (FMBT-SPO) and the Chief Engineer & Chief Architect for the Supply Chain Modernization Program.

Episode Links
MITRE
Smithsonian Museums
Holocaust Museum
So What? Generative AI with Tracy Bannon
Jul 12 2023
Tracy Bannon, Senior Principal/Software Architect & DevOps Advisor at MITRE, returns to Tech Transforms for our So What segment to discuss all things generative AI. Following Tracy's presentation at the RSA Conference 2023, she and Carolyn discuss everything from software development lifecycle to the potential that various AI models may have.

Key Topics
[01:29] - Software Development Lifecycle: RSA Conference Recap
[04:48] - Generative AI as a Service
[07:36] - Potential for Disinformation
[12:04] - Potential of AI for Developers
[17:15] - Low Code / No Code Capabilities
[26:14] - Discussion Roundup
[31:14] - Tech Talk Questions

Quotable Quotes
Definition of generative AI: "Generative AI is under the umbrella of large language models. And a large language model is just that. It is a model where vast amounts of text data have been fed in and it uses statistical analysis to figure out the likelihood that words or phrases go together." - Tracy Bannon
On generative AI models: "It's only as good as the information that's going in, garbage in, garbage out." - Tracy Bannon
Generative AI advice: "Know that we have to really get focused on the ethics of using these tools. Know that there are big security risks, but get familiar. Get familiar. It isn't going to take your job today. It is going to augment many jobs, but it's not going to take them completely away." - Tracy Bannon

About Our Guest
Tracy Bannon is a Senior Principal with MITRE Lab's Advanced Software Innovation Center. She is an accomplished software architect, engineer and DevSecOps advisor having worked across commercial and government clients. She thrives on understanding complex problems and working to deliver mission/business value at the speed. She’s passionate about mentoring and training, and enjoys community and knowledge building with teams, clients and the next generation. Tracy is a long-time advocate for diversity in technology, helping to narrow the gaps as a mentor, sponsor, volunteer and friend.

Episode Links
So What? Tech Transforms Federal News Roundup with Katy Craig
Applying AI to the SDLC New Ideas and Gotchas
It's 5:05
The Kill Chain
Project to Product
Real Technologists Podcast
Greenlights
Developer User Experience With Alan Gross
Jun 21 2023
Alan Gross, Solutions Architect & Tech Lead at Sandia National Laboratories, joins Carolyn to talk about how DevOps is being leveraged to support the Department of Energy's contractor operated research lab. Alan dives into some of the initiatives at Sandia National Laboratories, and how he is applying his personal philosophy around user experience ops, or "UX Ops," to support the mission.

Key Topics
[01:12] About Sandia National Laboratories
[03:50] Sandia's role in national security
[06:25] DevOps versus DevSecOps
[13:45] Department of Energy and Sandia
[17:40] Sandia initiatives: a year of climate in a day & Hypersonic weapons
[21:00] Alan's DevOps journey and advice for developers
[33:55] Tech Talk questions

Quotable Quotes
Alan on DevOps: "DevOps is about trying to deliver quickly and learn from your mistakes as fast as you can. So shifting left is part of that philosophy. If you have security issues with your software, you want to know about that as quickly as possible, because if you've already deployed to production, it's almost too late." - Alan Gross
On what advice Alan would give to new developers: "It's about failing fast and failing forward...How quickly can you learn new things, get new code and new products out in front of your users, and understand how they engaged with that." - Alan Gross

About Our Guest
Alan works as a full stack developer and technical lead at Sandia National Labs, with six years of experience in web technologies development. He develops within Python, Angular and .NET ecosystems, with a focus on enabling the developer experience at Sandia with novel solutions for the labs’ diverse development, software governance, security and business intelligence needs. Alan leads a team that is committed to reducing technical debt by emphasizing DevSecOps, modern application architecture (such as microservices) and data-driven outcomes.

Episode Links
Mollie Rappe
Planning and Implementation Tool
Tech Transforms Podcast with Dr. Stephen Magill
Pattern and Anomaly Detection in UX
Adam Grant Podcast
Project Ceti
Power in the Age of AI with Author Paul Scharre
Jun 7 2023
Paul Scharre, Vice President and Director of Studies at the Center for a New American Security (CNAS), joins Carolyn and Mark to dive into his newest book, Four Battlegrounds: Power in the Age of Artificial Intelligence. From the first time he recognized the power AI could hold, to the ways AI may put us on a path to global peace, Paul offers valuable insight and perspective on the field of artificial intelligence and machine learning.

Key Topics
[01:44] About Paul Scharre
[02:50] When Paul Scharre recognized the power of AI
[07:17] The four Elements of the Battlegrounds
[12:57] Paul Scharre's take on the technological divide in the United States, and how we can solve it
[20:10] U.S.'s standing in comparison to Nation-State adversaries
[26:18] Establishing globally agreed upon AI guardrails
[31:45] The exponential growth of AI
[42:12] Top requirements to achieve global peace

Quotable Quotes
On Paul's main focus when working at the Pentagon: "How can we use robotics to help create more distance between our service members and threats?" - Paul Scharre
Role of humans in AI: "Having data and computing hardware, having chips alone, doesn't get you to some meaningful AI tool. You also need the human talent" - Paul Scharre
On adversary AI advancement: "Fundamentally, both the US and China are going to have access to AI technology, to robust AI ecosystems, big tech companies, startups within each country, and the bigger challenge is going to be: How does the military take this technology, work with its civilian AI scientists, and then translate this into useful military applications?" - Paul Scharre

About Our Guest
Paul Scharre is the Vice President and Director of Studies at the Center for a New American Security. Prior to this role and becoming an award-winning author, Scharre worked in the Office of the Secretary of Defense (OSD) where he played a leading role in establishing policies on unmanned and autonomous systems and emerging weapons technologies. He led the Department of Defense (DoD) working group that drafted DoD Directive 3000.09, establishing the department’s policies on autonomy in weapon systems. He also led DoD efforts to establish policies on intelligence, surveillance, and reconnaissance programs and directed energy technologies.

Episode Links
Project Maven
Army of None
Automated Governance with Michael Edenzon
May 25 2023
This week, Michael Edenzon, Co-Founder of Fianu Labs, joins Tech Transforms to talk about why automated governance is so critical to mission success. Michael also provides some great insight into his recently co-authored book Investments Unlimited.

Key Topics
[02:08] About Fianu Labs
[04:54] What passes as evidence and how does it play into automated governance?
[09:29] Michael's book: Investments Unlimited
[16:50] Automated governance vs. Authority to Operate
[28:33] Taking software asset inventory
[35:40] Tech Talk Q&A

Quotable Quotes
On what counts as evidence in the context of software governance: "Our real focus in that regard is trying to get people to realize that evidence isn't just this random metadata that's captured from here and there, but instead it's going through all of the enrichment and providing all of the context that's necessary for an auditor to come and reproduce those results that you're using to base your enforcement off of." - Michael Edenzon
On how automated governance relates to Authority to Operate: "It [automated governance] is a method for achieving the ATO. So it can accelerate your ATO process and it can help you reach it faster, but what automated governance really is, is a means of achieving continuous ATO." - Michael Edenzon

About Our Guest
Michael Edenzon is a senior IT leader and engineer that modernizes and disrupts the technical landscape for highly-regulated organizations. Michael provides technical design, decisioning, and solutioning across complex verticals and leverages continuous learning practices to drive organizational change. He is a fervent advocate for the developer experience and believes that enablement-focused automation is the key to building compliant software at scale.

Episode Links
Investments Unlimited
Toyota Kata
Failure is Not an Option
The Scoop with Nihal Krishan Part 2: TikTok
May 11 2023
In this episode of Tech Transforms, Nihal Krishan, tech reporter at FedScoop, discusses how and where the American government is lagging behind in technology, but there is a focus on modernization to improve the situation. We also talk about the need for comprehensive data privacy legislation and how budget caps may impact government agencies' modernization initiatives. Additionally, we explore concerns surrounding TikTok's ownership and data privacy, as well as the addiction and potentially harmful effects of the platform. We also touch on the importance of respecting sources as a journalist and provide a few podcast recommendations. Finally, we look at the challenges in understanding algorithms used by TikTok and how they could be used to promote divisive content. Join us to learn about these transformative topics in the tech world!

Introducing Our Guest, Nihal Krishan
Nihal Krishan is a journalist who has covered the controversies surrounding TikTok. He highlights the privacy violations committed by the company when it accessed journalists' personal information to control their narrative. Krishan also acknowledges the legitimate fears surrounding the app since TikTok's parent company is based in China. However, he notes that there is no objective evidence of the Chinese government misusing American data obtained through TikTok. He raises the question of whether American social media companies are any better at safeguarding data than TikTok. Krishan argues that the debate over TikTok highlights the need for data privacy legislation in Congress.

Key Topics:
Government Budget and IT Modernization
Privacy and Security on TikTok
Social Media and Data Privacy

Episode Highlights:
[00:00:57] TikTok has been criticized for invading journalists' privacy to control their perceptions of the app, but the evidence for harm is primarily based on perception and politics. There are concerns about Chinese government access to American data, but it has not been proven yet. The issue of data privacy is a larger problem for social media companies in general and calls for legislation.
[00:06:04] TikTok is a popular Chinese-owned social media platform with almost a billion users, mainly Gen Z, and its popularity has caused concerns about national security and data privacy in the US.
[00:10:13] Understanding TikTok's algorithms is like understanding Facebook and Google's algorithms. The government is concerned that TikTok could sow seeds of discord like how Russians did in 2016 on Facebook. It's a complicated problem faced by all social media platforms.
[00:12:29] TikTok is highly addictive and has a powerful algorithm that tailors to a user's preferences. Instagram and other apps are trying to copy its success. Concerns arise over its safety and effects on users, especially children and those with attention issues, requiring regulations.
[00:14:57] Data privacy laws are crucial for people who don't have time to limit their phone and social media use. Bipartisan support exists for children's data and app time protection, but comprehensive legislation is still needed.
[00:18:54] US government lags behind in technology; modernization is a key issue for federal agencies and Congress has formed an IT Modernization Committee to improve it, but bureaucracy and political battles affect appropriations for IT modernization.
[00:22:31] Caps on spending for agencies may hamper modernization efforts.
[00:24:18] Budget cuts expected on unspecified agencies and programs; impact and details unknown. Reporting on changes to come. Cybersecurity noted.
[00:25:50] Journalists rely on trust to get information and protect sources. Most people's comments are not newsworthy, and journalists don't report everything they hear. Building relationships and protecting sources is important for breaking good...